March27, 2019

Intelligence Agencies have confirmed that our election systems are a target for foreign adversaries, yet election vendors continue to sell equipment with known vulnerabilities

The Ranking Members of the Senate Rules, Intelligence, Armed Services, and Homeland Security Committees are requesting information about the security of voting systems

WASHINGTON – U.S. Senator Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee with oversight jurisdiction over federal elections, sent a letter to the country’s three largest election system vendors with questions to help inform the best way to move forward to strengthen the security of our voting machines. In the U.S., the three largest election equipment vendors—Election Systems & Software, LLC; Dominion Voting Systems, Inc.; and Hart InterCivic, Inc.—provide the voting machines and software used by ninety-two percent of the eligible voting population. However, voting and cybersecurity experts have begun to call attention to the lack of competition in the election vendor marketplace and the need for scrutiny by regulators as these vendors continue to produce poor technology, like machines that lack paper ballots or auditability.

Klobuchar was joined on the letter by Senator Mark Warner (D-VA), Vice Chairman of the Senate Intelligence Committee, Senator Jack Reed (D-RI), Ranking Member of the Senate Armed Services Committee, and Senator Gary Peters (D-MI), Ranking Member of the Senate Homeland Security Committee.

“The integrity of our elections remains under serious threat. Our nation’s intelligence agencies continue to raise the alarm that foreign adversaries are actively trying to undermine our system of democracy, and will target the 2020 elections as they did the 2016 and 2018 elections,” the senators wrote. “The integrity of our elections is directly tied to the machines we vote on – the products that you make. Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.”

We write to request information about the security of the voting systems your companies manufacture and service.

The integrity of our elections remains under serious threat. Our nation’s intelligence agencies continue to raise the alarm that foreign adversaries are actively trying to undermine our system of democracy, and will target the 2020 elections as they did the 2016 and 2018 elections. Following the attack on our election systems in 2016, the Department of Homeland Security (DHS) designated election infrastructure as critical infrastructure in order to protect our democracy from future attacks and we have taken important steps to prioritize election security. We appreciate the work that your companies have done in helping to set up the Sector Coordinating Council (SCC) for the Election Infrastructure Subsector.

Despite the progress that has been made, election security experts and federal and state government officials continue to warn that more must be done to fortify our election systems. Of particular concern is the fact that many of the machines that Americans use to vote have not been meaningfully updated in nearly two decades. Although each of your companies has a combination of older legacy machines and newer systems, vulnerabilities in each present a problem for the security of our democracy and they must be addressed.

On February 15, the Election Assistance Commission’s (EAC) Commissioners unanimously voted to publish the proposed Voluntary Voting System Guidelines 2.0 (VVSG) Principles and Guidelines in the Federal Register for a 90 day public comment period. As you know, this begins the long-awaited process of updating the Principles and Guidelines that inform testing and certification associated with functionality, accessibility, accuracy, auditability, and security. The VVSG have not been comprehensively updated since 2005 – before the iPhone was invented – and unfortunately, experts predict that updated guidelines will not be completed in time to have an impact on the 2020 elections. While the timeline for completing VVSG 2.0 is frustrating, these guidelines are voluntary and they establish a baseline – not a ceiling – for voting equipment. Furthermore, VVSG 1.1 has been available for testing since 2015.

In other words, the fact that VVSG 2.0 remains a work in progress is not an excuse for the fact that our voting equipment has not kept pace both with technological innovation and mounting cyber threats. There is a consensus among cybersecurity experts regarding the fact that voter-verifiable paper ballots and the ability to conduct a reliable audit are basic necessities for a reliable voting system. Despite this, each of your companies continues to produce some machines without paper ballots. The fact that you continue to manufacture and sell outdated products is a sign that the marketplace for election equipment is broken. These issues combined with the technical vulnerabilities facing our election machines explain why the Department of Defense’s Defense Advanced Research Projects Agency (DARPA) is reportedly working to develop an open source voting machine that would be secure and allow people to ensure their votes were tallied correctly.

As the three largest election equipment vendors, your companies provide voting machines and software used by 92 percent of the eligible voting population in the U.S. This market concentration is one factor among many that could be contributing to the lack of innovation in election equipment. The integrity of our elections is directly tied to the machines we vote on – the products that you make. Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.

In order to help improve our understanding of your businesses and the integrity of our election systems, we respectfully request answers to the following questions by April 9, 2019:

What specific steps are you taking to strengthen election security ahead of 2020? How can Congress and the federal government support these actions?

What additional information is necessary regarding VVSG 2.0 in order for your companies to begin developing systems that comply with the new guidelines?

Do you anticipate producing systems that will be tested for compliance with VVSG 1.1? Why or why not?

What steps, if any, are you taking to enhance the security of your oldest legacy systems in the field, many of which have not been meaningfully updated (if at all) in over a decade?

How do EAC certification requirements and the certification process affect your ability to create new election systems and to regularly update your election systems?

Do you support federal efforts to require the use of hand-marked paper ballots for most voters in federal elections? Why or why not?

How are you working to ensure that your voting systems are compatible with the EAC’s ballot design guidelines (i.e. “Effective Designs for the Administration of Federal Elections”)?

Experts have raised significant concerns about the risks of ballot marking machines that store voter choice information in non-transparent forms that cannot be reviewed by voters (i.e. such as barcodes or QR codes), noting that errors in the printed vote record could potentially evade detection by voters. Do you currently sell any machines whose paper records do not permit voters to review the same information that the voting system uses for tabulation? If so, do you believe this practice is secure enough to be used in the 2020 election cycle?

Do you make voting systems with Cast Vote Records (CVRs) that can be reliably connected to specific unique ballots, while also maintaining voter privacy? If not, why not? Does your company make voting systems that allow for a machine-readable data export of these CVRs in a format that is presentation-agnostic (such as JSON) and can be reliably parsed without substantial technical effort? If not, why not?

Would you support federal legislation requiring expanded use of routine post-election audits, such as risk-limiting audits, in federal elections? Why or why not?

What portion of your revenue is invested into research and development to produce better and more cost effective voting equipment?

Congress is currently working on legislation to establish information sharing procedures for vendors regarding security threats. How does your company currently define a reportable cyber-incident and what protocols are in place to report incidents to government officials?

What steps are you taking to improve supply chain security? To the extent your machines operate using custom, non-commodity hardware, what measures are you taking to ensure that the supply chains for your custom hardware components are monitored and secure?

Do you employ a full-time cybersecurity expert whose role is fully dedicated to improving the security of your systems? If so, how long have they been on staff, and what title and authority do they have within your company? Do you conduct background checks on potential employees who would be involved in building and servicing election systems?

Does your company operate, or plan to operate, a vulnerability disclosure program that authorizes good-faith security research and testing of your systems, and provides a clear reporting mechanism when vulnerabilities are discovered? If not, what makes it difficult for your company to do so, and how can Congress and the federal government help make it less difficult?

How will DARPA’s work impact how your company develops and manufactures voting machines?

We look forward to your answers to these questions, and thank you for your efforts to work with us and with state election officials around the country to improve the security of our nation’s elections.